Manolo on Mon, 10 Sep 2012 16:19:51 +0200


Cleaning the pari-stack

I'm using pari-gp to build a small crypto-app. Even if it is a toy
project, I want to do things the right way.

One big concern in cryptography is to wipe any sensitive material from
memory as fast as possible, in particular, the stack should be cleaned

In pari-gp, we have the normal stack and the pari-stack. Regarding the
latter, we know how to free pari-objects via "gerepile"-family
functions; but if these objects contain sensitive material, it is
not zeroed; the memory is free to be reused, but it is not wiped and
the sensitive material could somehow be leaked (perhaps due to a
core dump?).

So, I think a possible solution is to call a burn_paristack() function
every time a critical calculation is done. For example:

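#include <pari/pari.h>
#include <strings.h>  /* bzero */

void burn_paristack(void)
{
  pari_sp ltop = avma, st_lim = stack_lim(ltop, 1);
  /* pari_sp values are byte addresses, so the difference is already in bytes */
  size_t st_size = ltop - st_lim;
  char *dump;

  dump = stackmalloc(st_size); /* claim the free half of the pari-stack */
  bzero(dump, st_size);        /* overwrite it with zeros */
  avma = ltop;                 /* release the block again */
}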

This way, calling burn_paristack() zeroes half of the available
room in the stack, wiping the information held by the last used

Did I argue well? Did I miss something? Can this scheme be optimized?


Manuel Pancorbo Castro
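
The scheme described in the message above, as an added example that is not part of the original post and does not use libpari: a small model of a downward-growing stack shows that restoring the stack pointer leaves the key bytes in place and that zeroing the adjacent half of the free room removes them. The names toy_alloc, wipe, toy_burn, residue and demo, the 4096-byte stack and the sample key are assumptions constructed for the illustration; writing through a volatile pointer is this example's choice so the compiler cannot drop the stores.

```c
#include <stdio.h>
#include <string.h>
/* Toy model of the PARI stack (constructed, not libpari); sp acts as avma. */
static unsigned char stack_mem[4096];
static size_t sp = sizeof stack_mem;

/* Like stackmalloc(): take n bytes just below sp (NULL when full). */
static unsigned char *toy_alloc(size_t n)
{
  if (n > sp) return NULL;
  sp -= n;
  return stack_mem + sp;
}

/* Store zeros through a volatile pointer so they are not elided as dead. */
static void wipe(volatile unsigned char *p, size_t n) { while (n--) *p++ = 0; }

/* Same idea as burn_paristack(): zero the half of the free room next to sp. */
static void toy_burn(void) { wipe(stack_mem + (sp - sp / 2), sp / 2); }

/* Count copies of pat left in the free region [0, sp). */
static size_t residue(const unsigned char *pat, size_t n)
{
  size_t i, hits = 0;
  for (i = 0; i + n <= sp; i++)
    if (memcmp(stack_mem + i, pat, n) == 0) hits++;
  return hits;
}

/* One "critical calculation": key copies found before and after burning. */
static void demo(size_t *before, size_t *after)
{
  static const unsigned char key[] = "CONSTRUCTED-SAMPLE-KEY";
  size_t saved = sp;
  unsigned char *obj = toy_alloc(sizeof key);
  if (obj) memcpy(obj, key, sizeof key);
  sp = saved;                        /* like "avma = ltop": freed, not wiped */
  *before = residue(key, sizeof key);
  toy_burn();
  *after = residue(key, sizeof key);
}

int main(void)
{
  size_t b, a;
  demo(&b, &a);
  printf("copies before burn: %zu, after: %zu\n", b, a);
  return 0;
}
```

Only the half of the free room next to the stack pointer is cleared, so an object that reached deeper than that during the calculation would leave bytes below the wiped range.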